Amendments to the Claims
This listing of claims will replace all prior versions of claims in the application: 
Listing of Claims: 

1. (Currently Amended) A message encryption system comprising:

a binding component that creates a remote service binding between a user's digital 
certificate and a remote service associated with a target system, the remote service binding 
specifying that the user's digital certificate is to be used when a dialog is initiated between the 
initiator system and the remote service; 

a session key generator that generates a session key for a dialog between the initiator 
system and the remote service at the target system, the session key employed to securely 
exchange a message associated with [[a]] the dialog; and, 

an encryption component that employs asymmetric encryption to first securely transmit
the session key encrypt the session key using a private key associated with the initiator system to
yield a first session key encryption, encrypt the first session key encryption using the public key
specified by the remote service binding to yield an encrypted session key output, and securely
transmit the encrypted session key output to the target system, the session key thereafter being
employed to encrypt the message and securely exchange the message between the initiator
system and the target system, wherein the session key encrypted message is further encrypted
using a private key securely associated with an initiator of the message the encryption
component encrypts the message using the session key to yield a first message encryption, and
subsequently encrypts the first message encryption using the private key associated with the
initiator system to yield an encrypted message output[[,]] the message comprises a digital
certificate that is employed as part of a broker service security system that facilitates location
transparency of services by creating a remote service binding which addresses a service by a
logical name such that an application can utilize the service independent of the physical location
of the service.

2. (Original) The system of claim 1, the session key comprising a 128-bit randomly
generated symmetric key. 

3. (Currently Amended) The system of claim 1, the encryption component first encrypts the
session key employing a private key, the encryption component further encrypts the result of the
first encryption employing a public key the remote service binding allows an application to
address the remote service using a logical name.

4. (Cancelled) 

5. (Currently Amended) The system of claim [[3]] 1, the public key being associated with a
target of the message, the remote service binding created at the initiator system using the
following syntax:

Create Remote Service Binding <LOGICAL SERVICE NAME>
To Service '<SERVICE>'
With ( User = '<USER>' )

where <LOGICAL SERVICE NAME> is a logical name assigned to the service by the binding, 
<SERVICE> is the remote service, and <USER> is an identification of the user whose public 
key is to be utilized when a dialog is initiated with the remote service by the initiator system. 

6. (Currently Amended) The system of claim [[3]] 1, further comprising a plurality of 
trusted agents that act as a proxy for a publisher to respectively exchange the message with 
respective subscribers, the trusted agents employing the private key. 

7. (Currently Amended) The system of claim 6, a trusted agent negotiates a unique session 
key with a subscriber 

8. (Original) The system of claim 6, the trusted agents acting in concert to dynamically load 
balance distribution for the publisher. 

9. (Currently Amended) The system of claim [[3]] 1, the public key being stored as a digital
certificate. 

10. (Original) The system of claim 9, the digital certificate being associated with a user via a 
login protocol. 

11. (Currently Amended) The system of claim 1, the encryption component first encrypts the
session key employing a private key, the encryption component further encrypts the result of the
first encryption employing a public key, and, the encryption component separately encrypts the
session key with a public key associated with the target system, and the result of the second
encryption and the separate encryption is provided as an output to the target system together with
the encrypted session key output.

12-13. (Cancelled). 

14. (Currently Amended) A message decryption system comprising: 

a session key employed to securely exchange a message associated with a dialog between 
an initiator system and a remote service running on a target system, the session key twice 
encrypted using a private key associated with the initiator system and a public key specified 
according to a remote service binding that associates the public key with the remote service 
running on the target system ; and, 

a decryption component that receives the encrypted version of the session key from the 
initiator system, employs asymmetric decryption to first securely decrypt the session key decrypt 
the encrypted session key using a private key associated with the target system to yield a first 
session key decryption, and decrypts the first session key decryption using a public key 
associated with the initiator system to yield the session key , the session key thereafter being 
employed to decrypt a received encoded version of the message, wherein the session key 
encrypted message is first decrypted using a public key securely associated with an initiator of 
the message the decryption component decrypts the encoded version of the message using the 
session key to yield a first message decryption, and subsequently decrypts the first message 
decryption using the public key associated with the initiator system to yield the message[[,]] the
message comprises a digital certificate that is employed as part of a broker service security
system that facilitates location transparency of services by creating a remote service binding such
that an application can utilize the service independent of the physical location of the service.

15. (Currently Amended) The system of claim 14, the decryption component first decrypts a
message with a private key, the decryption component further decrypting the result of the first
decryption with a public key, the result of the second decryption is the session key the message
comprising a digital certificate employed as part of a broker service security system.

16. (Currently Amended) The system of claim [[15]] 14, the private key being securely
associated with [[a]] the target of the message system.

17. (Cancelled) 

18. (Currently Amended) A method facilitating session key encryption comprising:
employing a processor executing computer-executable instructions stored on a computer- 
readable storage medium to implement the following acts: 

establishing a remote service binding at a first system that binds a service running 
on a second system with a particular user's digital certificate; 

initiating a dialog at the first system with the service running on the second
system;

identifying the digital certificate bound to the service upon initiating the dialog;

firstly encrypting a symmetric session key with a private key associated with an
initiator of the dialog to yield a first encryption;

secondly encrypting a result of the first encryption with a public key associated
with the identified digital certificate to yield a second encryption; and;

transmitting a result of the first encryption from the first system to the second 
system; and 

employing the session key to encrypt and decrypt messages between the first 
system and the second system that access the service running on the second system. 

providing a result of the second encryption as an output, the output comprises a
digital certificate that is employed as part of a service broker security system that 
facilitates location transparency of services by creating a remote service binding such that 
an application can utilize the service independent of the physical location of the service. 

19. (Currently Amended) The method of claim 18, the private key being associated with an
initiator of a message further comprising encrypting a message at the first system using the
session key to yield a first message encryption, and encrypting the first message encryption at the
first system using the private key associated with the identified digital certificate to yield a twice-
encrypted message.

20. (Original) The method of claim 18, the public key being associated with a target of a
message. 

21. (Original) A computer readable medium having stored thereon computer executable
instructions for carrying out the method of claim 18. 

22. (Currently Amended) A method facilitating session key decryption comprising: 
employing a processor executing computer-executable instructions stored on a computer- 
readable storage medium to implement the following acts: 

establishing a dialog between a dialog initiator and a service running on a target
system;

receiving at the target system an encrypted session key from the dialog initiator, 
the encrypted session key encrypted using a private key associated with the dialog 
initiator and a public key specified by a remote service binding that associates the public 
key with the service running on the target system; 

firstly decrypting a message the encrypted session key with a private key
associated with the target system to yield a first decryption;

second decrypting a result of the first decryption with a public key associated with
the dialog initiator to yield the decrypted session key; and

employing a result of the second decryption as a session key, the decrypted
session key thereafter being employed together with the public key associated with the
dialog initiator to decrypt a subsequent twice-encrypted message from the dialog
initiator[[,]] wherein the subsequent message is first decrypted using a public key
securely associated with an initiator of the message;

facilitating location transparency of services within a service broker security
system employing a digital certificate included in the subsequent message by creating a
remote service binding that addresses the broker service logically by name such that an
application can utilize the broker service independent of the physical location of the

deploying multiple instances of the a service broker that serve to establish dialogs
between subscribers and the dialog initiator;

sharing the private key associated with the dialog initiator within with the 
multiple instances of the service broker; and 
negotiating a unique session key with each of a subscriber accessing an one of the
multiple instances of the service broker. 

23. (Original) The method of claim 22, the private key being associated with a target of a 
message. 

24. (Original) The method of claim 22, the public key being associated with an initiator of a 
message. 

25. (Original) A computer readable medium having stored thereon computer executable 
instructions for carrying out the method of claim 22. 

26. (Currently Amended) A computer-readable storage medium encoded with a data structure
that facilitates secure distributed communication, the data structure comprising: 

a first data field comprising a remote service binding that associates a service running on 
a remote system with a particular user's public key; and 

a data field comprising an encrypted session key, the session key encrypted using a 
private key associated with an initiator of a message to the service and the public key associated 
with the service by the remote service binding; 

a data field comprising an encrypted message, the encrypted message first encrypted with 
a symmetric the session key, then encrypted with [[a]] the private key securely associated with 
[[an]] the initiator of the message, the message comprises comprising a digital certificate that is 
employed as part of a service broker security system that facilitates location transparency of the 
service[[s]] by creating a remote service binding such that an application can utilize the service
independent of the physical location of the service.

27. (Currently Amended) A message decryption system comprising:

means for creating a remote service binding that associates a service running on a first 
system with a particular public key; 

means for initiating a message exchange between the first system and a second system, 
the message exchange involving access to the service running on the first system; 

means for receiving an encrypted session key from the second system, the encrypted
session key encrypted using a private key associated with the second system and the public key
associated with the service by the remote service binding;

means for decrypting the encrypted session key using a private key associated with the
first system to yield a first decryption;

means for decrypting a result of the first decryption with a public key associated with the
second system to yield a second decryption;

means for securely storing a result of the second decryption as a session key; and 

means for employing the session key to decrypt an encrypted message received by the
second system, wherein the session key encrypted message encrypted using the session key is
further encrypted using and a private key securely associated with an initiator of the message the
second system[[;]].

means for employing a digital certificate included in the message to create a remote
service binding such that an application can utilize the service independent of the physical
location of the service.

28. (Currently Amended) The system of claim 1, further comprising multiple instances of the 
broker service sharing the same private key such that the an application accessing the remote 
service treats the multiple instances collectively as a unit. 